The Web services gateway and WS-Security:

The Web services gateway and WS-Security

One can configure the gateway for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the emerging

Web Services Security (WS-Security) specification .
The client generates a request which is then handled by the client Web services engine. It reads the client security configuration and applies the security defined in the ibm-webservicesclient-ext.xmi file to the SOAP message. It gets additional binding information from the ibm-webservicesclient-bnd.xmi file (for instance, the location of a keystore on the file system).
On receipt of a SOAP message, the Web services engine on the server refers to the *.xmi files for the called Web service. In this case, the ibm-webservices-ext.xmi file tells the engine what security the incoming message must have (for example, that the body of the message must be signed). If the message does not comply, then it is rejected. The Web services engine verifies any security information, then passes the message on to the Web service being called.
On the response leg from server to client, the process is reversed. The Web service *.xmi files tell the Web services engine what security to apply to the response message, and the client *.xmi files tell the client engine what security to require in the response message.
When the gateway is introduced, the scenario is more complex. Essentially it can be thought of as two separate request/response invocations. Client to gateway and gateway to target service.
WS-Security settings for the gateway are configured manually using the gateway administrative user interface.
Enabling Web Services Security (WS-Security) for the gateway
Configure the gateway security bindings
Editing the service security configuration
Editing the target service security configuration